Adding a Certificate
Scenarios
To enable authentication for securing data transmission over HTTPS, ELB allows you to bind certificates to HTTPS listeners of a load balancer.
- Server certificate: You can purchase a certificate from SSL Certificate Manager (SCM) or upload your own certificates.
- CA certificate: You can only upload your own CA certificates.
If you want to use the same certificate in two regions, you need to create a certificate in each region.
Adding a Server Certificate
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Hover on in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
- In the navigation pane on the left, choose Certificates.
- Click Add Certificate on the top right corner and set parameters by referring to Table 1.
Table 1 Server certificate parameters Parameter
Description
Example Value
Certificate Type
Specifies the certificate type.
- Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
- CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
Server certificate
Source
Specifies the source of a certificate. You can purchase a certificate from SCM or upload your own certificates.
- SCM certificate: server certificate provided by SCM. You need to buy a certificate or upload your own certificate on the SCM console.
- Your certificate: You need to upload the certificate content and private key of your own certificate on the ELB console.
NOTE:You are advised to use SCM to manage your certificates.
SCM certificate
Certificate
This parameter is only available for SCM certificates.
You can select certificates provided by SCM.
-
Certificate Name
Specifies the name of your certificate.
This parameter is only available for your certificates.
-
Enterprise Project
Specifies an enterprise project by which cloud resources and members are centrally managed.
default
Certificate Content
Specifies the content of a certificate. This parameter is only available for your certificates.
The content must be in PEM format.
Click Upload and select a certificate. Ensure that your browser is the latest version.
The format is as follows:
-----BEGIN CERTIFICATE----- Base64–encoded certificate -----END CERTIFICATE-----
-
Private Key
Specifies the private key of a certificate. This parameter is only available for your certificates.
Click Upload and select a private key. Ensure that your browser is the latest version.
The value must be an unencrypted private key. The private key must be in PEM format. The format is as follows:-----BEGIN PRIVATE KEY----- [key] -----END PRIVATE KEY-----
-
Domain Name
The domain name must be specified if the certificate is intended for SNI.
Only one domain name can be specified for each certificate, and the domain name must be the same as that in the certificate.
-
Description
(Optional) Provides supplementary information about the certificate.
-
Adding a CA Certificate
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Hover on in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
- In the navigation pane on the left, choose Certificates.
- Click Add Certificate on the top right corner and set parameters by referring to Table 2.
Table 2 CA certificate parameters Parameter
Description
Example Value
Certificate Type
Specifies the certificate type.
- Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
- CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
CA certificate
Certificate Name
Specifies the name of the CA certificate.
-
Enterprise Project
Specifies an enterprise project by which cloud resources and members are centrally managed.
default
Certificate Content
The content must be in PEM format.
Click Upload and select a certificate. Ensure that your browser is the latest version.
The format is as follows:
-----BEGIN CERTIFICATE----- Base64–encoded certificate -----END CERTIFICATE-----
-
Description
(Optional) Provides supplementary information about the certificate.
-
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot